WAN experts Steve Taylor and Jim Metzler analyze and share best practices on WAN issues from optimization to management.
Some forms of WAN firewalls have been around for a couple of decades. It is hard to deny that firewalls are helpful. They are. It is also hard to argue that they are very exciting. In fact, since the turn of the century the types of security threats facing IT organizations have changed dramatically while the WAN firewall has not added much new functionality. That situation appears to be changing. As we’ll explain in the next couple of newsletters, a next-generation WAN firewall is being deployed that is intended to combat the security threats of the 21st century.
Our industry uses the phrase “next-generation” somewhat indiscriminately. For example, vendors often use the phrase to describe a simple upgrade to one of their products. That kind of hyperbole tends to create cynicism on the part of IT organizations. To avoid getting caught up in the overzealous enthusiasm of some marketing VP, we will state our belief that a next-generation product should be fundamentally different from anything that is currently available on the market.
Before we get to the topic of what a next-generation firewall would look like, we want to briefly look at how firewalls have or have not evolved. For starters, it is helpful to realize that the first generation of firewalls was referred to as packet filters. These devices functioned by inspecting each packet to see whether it matched the packet filter's set of rules. Packet filters acted on each individual packet, based on its 5-tuple (the source and destination addresses, the protocol and the port numbers), and did not pay any attention to whether or not a packet was part of an existing stream or flow of traffic.
Today most firewalls are based on stateful inspection. According to Wikipedia, "A stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection. The most CPU intensive checking is performed at the time of setup of the connection. All packets after that (for that session) are processed rapidly because it is simple and fast to determine whether it belongs to an existing, pre-screened session. Once the session has ended, its entry in the state-table is discarded."
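The difference between the two generations can be seen by running the same packets through both models. The sketch below is an added example, not part of the original newsletter; the addresses, the single "outbound web" rule, and the simplified flag handling and teardown are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: the 5-tuple plus a simplified TCP flag string.
Packet = namedtuple("Packet", "src dst proto sport dport flags")

def inside(addr):
    return addr.startswith("10.0.0.")   # constructed internal network

def outbound_web(p):
    return inside(p.src) and p.proto == "tcp" and p.dport == 80

def packet_filter(p):
    """First generation: judge each packet alone, from its 5-tuple."""
    if outbound_web(p):
        return "allow"
    # Replies can only be recognised by how they look: TCP from port 80.
    if inside(p.dst) and p.proto == "tcp" and p.sport == 80:
        return "allow"
    return "drop"

class StatefulFirewall:
    def __init__(self):
        self.table = set()   # state table: (client, server, proto, cport, sport)

    def process(self, p):
        outbound = inside(p.src)
        key = ((p.src, p.dst, p.proto, p.sport, p.dport) if outbound
               else (p.dst, p.src, p.proto, p.dport, p.sport))
        if key not in self.table:
            # The full rule check happens only at connection setup.
            if not (outbound and p.flags == "SYN" and outbound_web(p)):
                return "drop"
            self.table.add(key)
        elif p.flags in ("FIN", "RST"):
            self.table.discard(key)   # simplified teardown: entry is discarded
        return "allow"

def demo():
    """Return (packet filter verdict, stateful verdict) for a constructed trace."""
    fw = StatefulFirewall()
    trace = [
        Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80, "SYN"),
        Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000, "SYN-ACK"),
        Packet("198.51.100.7", "10.0.0.9", "tcp", 80, 3389, "ACK"),  # no session
        Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000, "FIN"),
        Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000, "ACK"),  # after end
    ]
    return [(packet_filter(p), fw.process(p)) for p in trace]

if __name__ == "__main__":
    for verdicts in demo():
        print(verdicts)
```

The packet filter allows all five packets because each one matches a rule on its own; the stateful model drops the third and fifth because neither belongs to a session currently in its state table.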
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.
